Your smartphone is your daily companion. Probably most of our activities depend on them, from ordering food to booking doctor’s appointments. However, the threat landscape is always a reminder of how vulnerable smartphones can be.
Consider the recent discovery by Oversecured, a security startup. These experts observed dynamic code loading and its potential dangers. Why is this a problem? Well, the Google app uses code that isn’t built into the app itself. Okay, this might sound confusing, but it all works in favor of optimizing certain processes. Therefore, Google exploits code libraries preinstalled on Android phones to reduce their download size. In fact, many Android apps use this trick to optimize the memory required to run.
As revealed by Oversecured, attackers could compromise this code retrieval from libraries. Instead of Google getting code from a reliable source, it could be tricked into taking code from malicious apps running on the device in question. Thus, the malicious app could get the same permissions as Google. And the latter giant usually gets access to your email, search history, call history, contacts, and more.
The scariest part: Anything can happen without your knowledge. Let’s talk about other creepy threats scaring mobile devices these days.
Top Mobile Security Threats
When you download and launch a new app on your smartphone, you need to pay attention to the pop screen that appears. It’s a permissions popup, asking to give the app some permissions. Unfortunately, granting broad permissions to dangerous apps can have serious consequences. Hackers can hack the database that stores all this information and all your data can be leaked.
But with some recent developments in Android 11 and IOS 14, users can refuse unnecessary permission requests or even grant them only once. Never give apps all permissions, check what permissions they need to run and only grant those.
Therefore, it is important to protect the device by not using public WiFi hotspot. Remember, never be seduced by a “Free Wi-Fi” posted in a cafe, restaurant or hotel.
Spyware pretending to be an update
Bug fixes, longevity, and an overall security boost are the top three reasons you should always update your operating system. However, there are instances when you need to fight this instinct. If you find a random application called System Update, pay attention to its true nature. As reported, this nasty Android threat pretends to be a system update. Unfortunately, his true intentions are far more sinister. Once installed (outside of Google Play, which is already a dangerous practice), the app starts stealing victims’ data. As? Well, it connects to the culprits’ Firebase server, the tool used to take remote control of the infected device.
What can this spyware steal? Basically everything. Your messages, contacts, browser bookmarks and more are at your fingertips. An even scarier reality is that it can record phone calls, monitor your location, and steal photos.
Malware via SMS messages
We all know the feeling of receiving bizarre text messages. But sometimes such attempts are nothing more than social engineering scams. A recently discovered TangleBot is one of the latest examples to enter the mobile threat landscape.
Apparently, the malware is proliferated via fake messages sent to users in the US and Canada. Most often, they provide specific COVID-19 information and encourage recipients to click on embedded links. When users click the link, they are directed to a website that prompts them to install an Adobe Flash update. If you choose to install it, TangleBot will proudly enter your system. What can I do? Lots of things from stealing data to taking control of certain apps.
How do I defend my device?
- Use updated operating systems. Only use the latest operating systems like Android 11 and 12 as they have the latest security codes. However, only install updates from reliable sources. An app randomly floating online is not the right choice to keep your device updated.
- firewalls. Always have a firewall securing your device. It works like a normal firewall. When your mobile device sends a request to a network, the firewall forwards a verification request to the network. Also, it contacts the database to verify the device.
- Be careful in app stores. Even if you trust the Google Play Store, don’t install every available app. It is a known fact that many available applications are far from reliable. For example, you might accidentally download cryptocurrency mining malware, banking Trojans, or intrusive adware.
- Use a VPN. If you are in a position where you cannot avoid using public WiFi, you need to download VPN apps. They hide all your activities from hackers lurking on the network and protect your sensitive information.
- Do not jailbreak your device. iPhones can be a bit restrictive. Therefore, many might consider jailbreaking to get the ability to customize their devices. However, a jailbroken smartphone is more vulnerable; You will likely void your warranty and have trouble installing the required updates.
Mobile threats evolve over time and will continue to improve as well. But we don’t have to worry about that. The only thing that needs our concern is our security and privacy. Therefore, all precautions must be taken to avoid potential hazards.